DDoS attacks are nothing new. In fact, they represent one of the oldest forms of cyber-attack and often play a broader role in the strategies used by cybercriminals. In this article, we’ll discuss the different forms that DDoS attacks take and how to prevent them from wreaking havoc on your business.
DoS, or Denial of Service, attacks are cyber-attacks which flood networks with massive volumes of packets or requests. This is done with the end goal of disrupting the availability of applications to users.
A Distributed Denial of Service attack, DDoS, follows the same principle but harnesses multiple controlled or compromised systems (networks of computers) to perform the attack.
Recent examples of DDoS attacks include the conflict in Ukraine. Russia has launched several attacks aimed at disrupting Ukrainian infrastructure and services to open up a ‘cyber front’ to their invasion. This illustrates how DDoS attacks are developing to form part of the larger strategy employed in both cyberwarfare and cybercrime. The initial DDoS attacks are often used to distract network admins (or in this case, the defense of an entire country) whilst data theft or ransomware is used to capitalise on the chaos created by the initial threat.
This issue is also increasingly prevalent, with DDoS attacks now becoming more frequent and sophisticated. Security researchers NetScout have shown an 11% growth in DDoS attacks in the first half of 2021 when compared to the previous year, with a greater share of these attacks involving ransomware.
Now that we’ve discussed exactly what a DDoS attack is, and covered some examples, let’s examine some forms that DDoS attacks can take.
DDoS attacks represent a broad group of potential cyberthreats, so understanding which areas of your network certain attacks target can be useful to help protect your system. There’s a lot to go into here, so we’ll focus on some of the most common methods of attack.
Different DDoS attacks aim to disrupt or hijack different stages of the data transmission process. A common technique to target the infrastructure layer is the User Datagram Protocol (UDP) flood. Attackers can send forged UDP packets with fake details, such as IP addresses. This produces false error requests and, with a large volume of traffic, can overwhelm networks. However, because these attacks are volumetric, they are easier to detect than other DDoS attacks.
Another target for DDoS attacks is the Application Layer. These attacks are generally smaller in volume than volumetric attacks and are often more sophisticated, targeting vulnerable areas of the network. An example of this would be HTTP floods, which overload servers with requests that are computationally difficult for the receiving servers to process, as multiple files and databases need to be loaded in order to generate a webpage. By sending many of these HTTP requests, hackers disrupt applications, causing a denial-of-service.
So now we’ve clarified some of the various types of DDoS attacks. How much can these threats cost your business?
This is hard to quantify, as different organisations will experience different costs and expenses from downtime caused by DDoS attacks. Different figures have been suggested, with Veeam reporting that an hour of downtime from a high priority application can cost $67,651. In addition, the lack of access to certain applications can affect employees’ productivity, particularly those who work remotely. Another key consideration is loss of reputation.
Ransom DDoS attacks involve disrupting systems and then sending a ransom note to the victim, demanding payment to stop the attack and sometimes even threatening to crash the victim’s network completely.
This puts organisations in a lose-lose situation as, regardless of whether the ransom is paid, data will sometimes be sold to criminal contacts, making your organisation appear less reputable to clients and prospects and potentially resulting in further loss of revenue.
This can all be a lot to think about, but before you panic, here are five tips to help mitigate future intrusions.
One of the most important aspects of DDoS mitigation is reducing the number of options hackers have to interact with your network. This makes your system less exposed to communication from other applications and protocols, allowing the defenders to focus their mitigation efforts. Web Application Firewalls can help with this by controlling and restricting traffic to certain applications, resulting in an extra layer of protection between the internet and target servers. This is done using custom rules which help to identify DDoS attacks.
Another key factor is the ability to deal with large volumetric DDoS attacks by scaling up bandwidth and server capacity, allowing networks to better cope with massive floods of traffic. Additionally, the use of enhanced networking can also help support larger volumes of traffic.
As well as boosting your network’s overall capacity to deal with traffic, figuring out if traffic is normal and accepting only legitimate traffic takes the pressure off computing resources. This is done by establishing what normal traffic looks like and then comparing incoming packets of data to legitimate traffic.
An additional method to help control volumetric DDoS attacks is Rate Limiting, which involves controlling the number of requests a server will process over a certain amount of time. By giving the servers a quota like this, only the traffic which can actually be processed gets accepted by the system. This can help stop content theft and brute force logins. However, more sophisticated attacks can still cause damage, so this alone isn’t a one-size-fits-all solution.
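The per-client quota and the comparison against normal traffic described in the last two tips can be seen together in this added example, which is not code from the original article. The limit of 5 requests per second, the baseline of 50 requests per second, the function names and the traffic samples are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Per-client quota: at most `limit` requests in any `window` seconds."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.accepted = defaultdict(deque)  # client -> timestamps of accepted requests

    def allow(self, client, now):
        q = self.accepted[client]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop requests that have aged out of the window
        if len(q) >= self.limit:
            return False  # quota used up: reject instead of processing
        q.append(now)
        return True


def replay(requests, limit=5, window=1.0):
    """Replay (timestamp, client) pairs; return accepted request count per client."""
    limiter = SlidingWindowLimiter(limit, window)
    counts = defaultdict(int)
    for ts, client in requests:
        if limiter.allow(client, ts):
            counts[client] += 1
    return dict(counts)


def exceeds_baseline(accepted_total, baseline, tolerance=3.0):
    """Aggregate check: is accepted volume far above the normal rate for this window?"""
    return accepted_total > baseline * tolerance


# Constructed traffic for a single one-second window (documentation address ranges).
BASELINE = 50  # assumed normal requests per second, for illustration only
single_source = [(i / 200, "198.51.100.7") for i in range(200)]
many_sources = [(r * 0.2 + i / 10000, f"203.0.113.{i}")
                for r in range(4) for i in range(200)]

if __name__ == "__main__":
    for name, traffic in (("single source", single_source), ("many sources", many_sources)):
        total = sum(replay(traffic).values())
        print(f"{name}: sent={len(traffic)} accepted={total} "
              f"above_baseline={exceeds_baseline(total, BASELINE)}")
```

The single noisy client is cut to its quota, while the same window filled by many clients that each stay under the quota is accepted in full and only the aggregate baseline check flags it, which is why the quota is paired with a view of what normal traffic looks like.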
Finally, one of the fastest ways to boost your system’s resilience to DDoS attacks is to conduct a network vulnerability assessment. This gives a comprehensive overview of all the weak points in your security posture, allowing you to patch vulnerabilities before your organisation faces costly downtime and a drop in productivity. The assessment works by evaluating all the devices on your network, their purpose, any vulnerabilities they may have, and which updates may be needed. This helps to determine which areas of your network need addressing with the most urgency. If this is something of interest to you, then please contact our team of security specialists to find out how we can help protect your network from cyber-attacks.